package com.movieproject.src;

import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

import com.movieproject.daos.UserDAO;
import com.movieproject.dataobjects.User;

@Controller
@Transactional
public class LoginController { 
	
	@Autowired
	private UserDAO userDAO;
	
	
	@RequestMapping(value = "/Login", method=RequestMethod.GET) 
	public String viewLogin() {
		return "Login";
	}
	
	@RequestMapping(value = "/signout",  method= RequestMethod.POST)
	public ModelAndView logout(HttpServletRequest request) {
		request.getSession().invalidate();
		
		return new ModelAndView("thehomepage");
	}
	
	@RequestMapping(value = "/AdminLogin", method=RequestMethod.GET)
	public String viewAdminLogin() {
		return "AdminLogin";
	}
	
	@RequestMapping(value = "/HomeView", method= RequestMethod.POST)
	public ModelAndView processCredentials(@RequestParam("username")String userName, @RequestParam("password")String password, HttpServletRequest request) 
	throws NoSuchAlgorithmException, InvalidKeySpecException {
		
		// Check for existing session
		HttpSession session = request.getSession(false);
		Integer sessID = new Integer(0);
		session.setAttribute("sessID", sessID);
		
		ModelAndView mav = new ModelAndView();
		String message = "Please enter your username/password: ";
		request.getSession().setAttribute("message", message);
		
		// Get all user from database
		ArrayList<User> members = (ArrayList<User>) userDAO.getAllUsers();
		
		boolean isMember = false;
		int userID = -1;
		String memberuName = "";
		String memberName = "";
		String pword = "";
		
		// Check to see if member exist.
		for(int i = 0; i < members.size(); i++) {
			memberuName = members.get(i).getUsername();
			memberName = members.get(i).getFirstName();
			if(AppSecurity.validateHash(userName, memberuName)) {	// check username with through hash function
				isMember = true;
				pword = members.get(i).getPassword();		
				userID = members.get(i).getUserID();
				break;
			}
		}
		
		// If member exist
		if(isMember) {
			if(AppSecurity.validateHash(password, pword)) {							// check for password
				request.getSession().setAttribute("uName", userID);					// Set userID in session var for other use.
				message = "Hello " + memberName; 									// Testing purposes
				request.getSession().setAttribute("message", message);
				mav = new ModelAndView("loggedin", "message", message);			// return model with message
				mav.getModelMap().addAttribute("pwMsg", "Please enter your old password and the new password.");
			} else 	{																
				message = "Wrong username/password combination...Please try again";	// return model with message of wrong password
				mav = new ModelAndView("Login", "message", message);
			}
				
		} else {
			message = "Wrong username/password combination...Please try again";
			mav = new ModelAndView("Login", "message", message);					// return model with message of wrong username or not a member
		}
		
		return mav;
		
	}
	
	
}
